20190223 JAWSDAYS 2019 Hybrid Architecture Using AWS Management Tools
- 1. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon Web Services Japan
JAWS DAYS 2019
- 9. AWS Transit Gateway (Available Early 2019)
Diagram labels: Internet; VPC and Account (repeated); URL filtering, NAT gateway, DLP / Proxy; WAF / ADC, SD-WAN, VPN / Firewall; IDS / IPS, Firewall / NGFW; Authentication, Monitoring; VPN; AWS Direct Connect; Account (logging, AWS Organizations, billing, landing zone); IAM, Cross-account roles; Route tables; Transit Gateway East-West + North-South
- 10.
SaaS
- 12.
On-prem servers
Direct Connect
VPN
PrivateLink
- 13.
https://docs.aws.amazon.com/ja_jp/vpc/latest/userguide/vpce-interface.html
- 16.
On-prem servers
PrivateLink
Route 53 Resolver for Hybrid Clouds
VPC Provided DNS
- 17.
Systems Manager
CloudWatch
CodeDeploy
- 20.
Diagram labels: AWS cloud, data center, Run Command, Automation, Lambda, Step Functions, S3, CloudWatch Logs, SNS, Role, Athena & QuickSight, Lambda, ECS, Distributor
- 21.
Systems Manager API
- 23.
No
1-1 - SSM - RunCommand
1-2 - SSM - Session Manager
2-1 - SSM & AWS Config
3-1 - SSM - PatchManager
3-2 - SSM & OpsWorks
4-1 - & CloudWatch
4-2 - & CloudWatch Logs
4-3 - SSM + CloudWatch
- 24.
SSM RunCommand
API Call
Polling
- 25.
SSM SessionManager
- 26.
SSM StateManager
SSM Inventory
SSM RunCommand
AWS Config
- 27.
SSM PatchManager
SSM Maintenance Window
SSM Run Command
- 28.
SSM RunCommand
Ansible
Playbook on S3
- 29.
CloudWatch
(+ StatsD or collectd)
- 30.
CloudWatch
(+ StatsD or collectd)
CloudWatch Logs
- 31.
SSM RunCommand
SSM ParameterStore
SSM Agent + CloudWatch
- 33.
No
1-1 - GUI
1-2 - CUI AWS CLI
2-1 - API CloudWatch Events
2-2 - SSM - StateManager
2-3 - SSM - MaintenanceWindow
- 34.
SSM RunCommand
- 35.
SSM RunCommand
- 36.
SSM RunCommand
SSM StateManager
- 37.
SSM RunCommand
SSM MaintenanceWindow
- 39.
No
1-1 SSM -
- 40.
AWS ResourceGroup
- 42.
No
6-1 CodeCommit
6-2 CodeBuild
6-3 CodeDeploy
6-4 / CodePipeline / Jenkins
- 43.
CodePipeline or Jenkins
.java
CodeCommit CodeBuild CodeDeploy CodeDeploy
Code
Artifact
- 46.
Thank you!